Finding in Cisco's Annual Security Report, (Sat, Jan 25th)
The report highlights the fact that now "[...] the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cybersecurity...
Looking for Packets for IP address 71.6.165.200, (Sun, Jan 26th)
The DShield database this morning shows a tremendous uptick in activity coming out of IP address 71.6.165.200 over the past few weeks, so I am reaching out to everyone to see if anybody has packets...
ISC StormCast for Monday, January 27th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Log Parsing with Mandiant Highlighter (1), (Mon, Jan 27th)
Reading logs isn’t the most enjoyable thing in Network/Security Analysis, and sometimes it’s impossible to get something useful from a log without using a log parser. In this diary I am going to talk about...
ISC StormCast for Tuesday, January 28th 2014...
Sendmail v8.14.8 released -...
-Kevin -- ISC Handler on Duty
How to send mass e-mail the right way, (Fri, Jan 24th)
We all don't like spam, but sometimes, there are good reasons to send large amounts of automatically created e-mails. Order confirmations, newsletters or similar services. Sadly, I often see how it is...
ISC StormCast for Wednesday, January 29th 2014...
How to Debug DKIM, (Wed, Jan 29th)
DKIM is one way to make it easier for other servers to figure out if an e-mail sent on behalf of your domain is spoofed. Your mail server will add a digital signature to each email authenticating the...
Oracle Reports Vulnerability, (Thu, Jan 30th)
I mentioned this vulnerability earlier this week in a podcast, but believe it deserves a bit more attention, in particular as exploits are now public, and a Metasploit module appears in the works....
ISC StormCast for Thursday, January 30th 2014...
IPv6 and isc.sans.edu (Update), (Thu, Jan 30th)
About 4 years ago, I published a quick diary summarizing our experience with IPv6 at the time [1]. Back then, the IPv6 traffic to our site was minuscule. 1.3% of clients connecting to our server used...
New gTLDs appearing in the root zone, (Thu, Jan 30th)
Over the last month or so, new gTLDs (generic top level domains) have been added to the root zone by ICANN. This is the beginning of a process of adding a couple hundred new gTLDs which ICANN collected...
Attack on Yahoo mail accounts, (Fri, Jan 31st)
Yahoo announced they discovered attempts to access Yahoo mail accounts [1]. Not a huge amount of information has currently been released about what happened, but the usernames and passwords have come...
ISC StormCast for Friday, January 31st 2014...
CVE-2013-6230 & CVE 2014-0591 fixed in BIND 9.9.5, BIND 9.8.7 & BIND...
Chris Mohan --- Internet Storm Center Handler on Duty
Looking for packets from three particular subnets, (Fri, Jan 31st)
A reader wrote in reporting seeing a large amount of odd activity from three subnets across a large number of disparate networks he managed. Addresses from these subnets have been generating between...
ISC StormCast for Monday, February 3rd 2014...
When an Attack isn't an Attack, (Mon, Feb 3rd)
I think I have seen it referred to as the "X-Files Effect". You just installed a new firewall or IDS, it is still all new and shiny and the logs are still fresh and interesting. Looking at your logs,...
Triple Handshake Cookie Cutter, (Tue, Mar 4th)
Researchers have released a paper describing several vulnerabilities in TLS (Transport Layer Security). Some of the attacks have been known for a while, but the paper combines and explains them nicely,...